Welcome to The Dashlane Tech Check for April 7, 2017! I’ll help you catch up on Dashlane-related news and the big news in the tech industry. And just for fun, I’ll include a useful lifehack that will keep you safe and secure all year long.
What in the (Security) World?
Here’s what made headlines this week in the world of digital identity, security, and privacy:
NASA worries about hackers intercepting data sent to and from planet Earth against cyber attacks
Hacking a rocket into space? It’s a scenario NASA’s chief information security officer, Jeanette Hanna-Ruiz is dedicated to preventing. “It’s a matter of time before someone hacks into something in space,” says Hanna-Ruiz in an interview with Bloomberg Politics. “We see ourselves as a very attractive target.” Hanna-Ruiz has to protect everything from the department’s email systems to U.S. networks in Russia, to huge amounts of in-house scientific data. However, her biggest concerns are hackers breaching communications between NASA and one of its 65 spacecraft transmitting research data. Check out her full interview in Bloomberg Politics.
Hackers are stealing tens of thousands of dollars from third-party Amazon sellers
According to Infosecurity Magazine, hackers are using stolen credentials purchased on the Dark Web from earlier data breaches to break into seller accounts. Once they access those accounts, criminals can change the seller’s bank-deposit information or post “deals” on Amazon for non-existent merchandise. Sellers can protect themselves by using strong passwords and avoiding their re-use and enabling two-step verification.
Twitter wins its battle with DHS over unmasking anti-Trump account
In last week’s Tech Check, we included a report about Twitter suing the U.S. government for attempts to unmask an anti-Trump account owner. This week, Infosecurity Magazine says the U.S. government has withdrawn its summons demanding the social media platform to reveal the owner of the anti-Trump parody account, and Twitter also dropped its countersuit. There’s no word on why the U.S government decided to drop its summons.
European Union (EU) and NATO countries join forces to combat ‘hybrid’ cyber threats
On Tuesday, several EU and NATO countries signed the Memorandum of Understanding to create a center in Helsinki, Finland to research how to tackle cyber attacks, propaganda, and disinformation. Reuters is reporting the United States, Britain, France, Germany, Sweden, Poland, Finland, Latvia, and Lithuania have officially signed on, and more countries are expected to join in July. 10 experts from the participating countries are expected to begin working at the center by later this year.
Hacker group releases password to files related to leaked NSA hacking tools
The “Shadow Boxers” took to Medium to post the password to files associated with the leaked U.S. National Security Agency hacking toolkit. According to ABC News, in October, this same group leaked information that could identify computers used to obscure U.S. electronic eavesdropping.
Government hackers used a recently discovered vulnerability in Microsoft Word to target Russian victims
An unidentified group of government hackers exploited a recently discovered vulnerability in Microsoft Word to target Russian victims with infected documents, says Motherboard. The hackers phished victims in order to infect their devices with FinSpy, a spyware made by the surveillance technology firm FinFisher. According to researchers, it’s hard to tell who exactly is behind the operations and who was targeted, but it does appear someone is “selling the exploit both on the black market and to FinFisher or to some of its customers.” Microsoft patched the vulnerability on Tuesday, but clearly, hackers had been exploiting it for months.
The CIA’s alleged hacking tools are linked to at least 40 hacks around the world
Since WikiLeaks published documents and other information about the U.S. Central Intelligence Agency’s (CIA) hacking tools and operations, researchers at Symantec have apparently managed to link those tools to documented attacks around the world. According to Motherboard, a Symantec researcher found that CIA spying tools and operations revealed in the Vault 7 leaks are connected to cyber attacks against at least 40 targets in 16 different countries. The government hackers were part of a group dubbed “Longhorn”, which has been active since at least 2011 and has infiltrated targets in government, financial, telecoms, energy, aerospace, education, and natural resources sectors.
Hackers can steal your phone’s PIN just by the way your phone tilts
Making headlines this week is new findings from computers scientists in Newcastle University who managed to guess a four-digit PIN number with 70 percent accuracy using the gyroscopes in your smartphone. According to The Guardian, the researchers were able to correctly guess the PIN number within five attempts. “But because mobile apps and websites don’t need to ask permission to access most of them, malicious programs can covertly ‘listen in’ on your sensor data and use it to discover a wide range of sensitive information about you, such as phone call timing, physical activities and even your touch actions, pins and passwords,” says Dr. Maryam Mehrnezhad, research fellow at the School of Computing Science.
A data breach at payday loan firm Wonga affects more than 245,000 customers
Tech Crunch reported that U.K. payday loan firm Wonga suffered a data breach affecting up to 245,000 customers and additional 25,000 customers in Poland may also be affected. Wonga is warning affected customers to be “extra vigilant” and to alert their bank of potential risk.
Dashlane News You Shouldn’t Snooze
What do Dashlane, Beyonce & Game of Thrones have in common? We’ve all been nominated for “the internet’s highest honor”– A 2017 Webby Award! We’re competing for the for ‘Best Service & Utility App‘ against some industry giants, including Google, Squarespace, and Uber. Every vote counts! Show your support for Dashlane and cast your vote before April 20!
This Week’s Lifehack to Improve Your Security
A few weeks ago, our weekly Dashlane Tech Check featured a brand-new discovery: “Lip Motion Passwords”. You won’t see lip motion passwords on your phone or desktop devices anytime soon, but several publications, bloggers, and experts claim that biometrics can completely replace or “kill off” the password. Before you activate your phone’s TouchID or Fingerprint Scanner, read our 10 reasons why biometric technology still has a long way before it completely replaces passwords.
Have any thoughts on any of the news I shared? Leave me a comment below and make sure to visit our blog next week for another edition of The Dashlane Tech Check.
Also, don’t forget to follow us on Twitter to always be in the know! In our last Tech Check, the White House is considering instituting “extreme vetting” measures that would require U.S. visitors to hand over their phones and passwords.